svn commit: r337776 - head/sys/netinet6

Jonathan T. Looney jtl at freebsd.org
Fri Aug 31 01:15:57 UTC 2018


On Thu, Aug 30, 2018 at 6:00 PM Kristof Provost <kp at freebsd.org> wrote:

> On 14 Aug 2018, at 19:17, Jonathan T. Looney wrote:
>
> + uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
>
> I’m pretty sure you didn’t mean for the hashkey to be 1028 bytes long.
>
Yikes. Yep, that's a bug.

I originally spelled this as 9; however, decided to rewrite it to avoid
"magic numbers". It made it through all my manual testing; but, that makes
sense since all my positive functional tests were on an unloaded machine,
so the extra stack garbage would be more likely to be consistent.


> I’ve done this, which fixes the problem:
>
> diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c
> index 0f30801540a..e1f2b3f5842 100644
> --- a/sys/netinet6/frag6.c
> +++ b/sys/netinet6/frag6.c
> @@ -218,7 +218,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
>         int offset = *offp, nxt, i, next;
>         int first_frag = 0;
>         int fragoff, frgpartlen;        /* must be larger than u_int16_t */
> -       uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
> +       uint32_t hashkey[(sizeof(struct in6_addr) * 2 + sizeof(u_int32_t)) /
> +           sizeof(uint32_t)];
> +       uint32_t hash, *hashkeyp;
>         struct ifnet *dstifp;
>         u_int8_t ecn, ecn0;
>  #ifdef RSS
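
Review bot: the new length expression for `hashkey` spells one type two ways, `sizeof(u_int32_t)` in the numerator and `sizeof(uint32_t)` in the denominator, and the numerator term gives no hint of which field it stands for. Using `sizeof(ip6f->ip6f_ident)` there, as the follow-up mentioned in this thread suggests, plus a one-line comment naming the three key components would keep the length tied to the fields that fill the array. The division also truncates silently if a component size ever stops being a multiple of four, so a compile-time assertion that the array's byte size equals the sum of the component sizes would be worth adding next to the declaration.
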
>
>
That looks fine to me, either with or without the followup suggestion of
using sizeof(ip6f->ip6f_ident). Feel free to commit this change (after
appropriate re@ approval). Or, let me know if you prefer I do it. Either
way, I'll wear the pointy hat (sadly, I suspect it is neither the first nor
last I will earn).

Jonathan
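
The failure mode discussed in this thread, as an added example that is not code from frag6.c or from either author. It assumes the hash is taken over the whole declared array, which the page does not show; FNV-1a is a stand-in hash, `struct addr6` is a stand-in for `struct in6_addr`, and all names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct addr6 { uint8_t b[16]; };	/* stand-in for struct in6_addr */

/* Byte count used as an element count (the bug) vs. bytes / element size. */
#define BUGGY_WORDS (sizeof(struct addr6) * 2 + 1)
#define FIXED_WORDS ((sizeof(struct addr6) * 2 + sizeof(uint32_t)) / sizeof(uint32_t))
_Static_assert(FIXED_WORDS * sizeof(uint32_t) ==
    sizeof(struct addr6) * 2 + sizeof(uint32_t), "key must divide evenly");

/* FNV-1a, standing in for the hash applied to the key (an assumption). */
static uint32_t fnv1a(const void *p, size_t len)
{
	const uint8_t *s = p;
	uint32_t h = 2166136261u;

	while (len--) { h ^= *s++; h *= 16777619u; }
	return h;
}

/* Build src|dst|ident on top of "stale stack" bytes, hash `words` words. */
static uint32_t key_hash(size_t words, uint8_t stale, const struct addr6 *src,
    const struct addr6 *dst, uint32_t ident)
{
	uint32_t key[BUGGY_WORDS];
	uint8_t *p = (uint8_t *)key;

	memset(key, stale, sizeof(key));	/* models leftover stack contents */
	memcpy(p, src, sizeof(*src));
	memcpy(p + sizeof(*src), dst, sizeof(*dst));
	memcpy(p + 2 * sizeof(*src), &ident, sizeof(ident));
	return fnv1a(key, words * sizeof(uint32_t));
}

/* Two fragments of one packet, hashed over different stale stack bytes. */
static int same_hash(size_t words)
{
	struct addr6 src = {{0x20, 0x01, 0x0d, 0xb8, [15] = 1}};	/* constructed */
	struct addr6 dst = {{0x20, 0x01, 0x0d, 0xb8, [15] = 2}};	/* constructed */

	return key_hash(words, 0x00, &src, &dst, 0x1234abcd) ==
	    key_hash(words, 0xff, &src, &dst, 0x1234abcd);
}

int main(void)
{
	printf("%zu-word key: same hash? %d\n", (size_t)BUGGY_WORDS, same_hash(BUGGY_WORDS));
	printf("%zu-word key: same hash? %d\n", (size_t)FIXED_WORDS, same_hash(FIXED_WORDS));
	return 0;
}
```

When the stale bytes happen to match between calls, the oversized key hashes consistently as well, which is why testing on an idle machine can pass.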

